CVE-2023-30584

CWE-22 Path Traversal | 9 documents | 6 sources
Severity
7.7 HIGH
EPSS
0.0%
top 98.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 7

Description

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.5 | Impact: 5.2

Affected Packages (1 package)

CVEListV5 | nodejs/node | 4.04.* | +16

🔴 Vulnerability Details (2)

CVEList
CVE-2023-30584: A vulnerability has been discovered in Node | 2024-09-07
GHSA
GHSA-jpgc-8hrm-hvwj: A vulnerability has been discovered in Node | 2024-09-07

📋 Vendor Advisories (4)

Red Hat
nodejs: permission model improperly protects against path traversal | 2023-10-13
Red Hat
nodejs: path traversal through path stored in Uint8Array | 2023-10-13
Red Hat
nodejs: path traversal bypass in experimental permission model | 2023-06-20
Debian
CVE-2023-30584: nodejs - A vulnerability has been discovered in Node.js version 20, specifically within t... | 2023

💬 Community (2)

HackerOne
Path traversal through path stored in Uint8Array in Node.js 20 | 2024-01-20
HackerOne
Permission model improperly protects against path traversal in Node.js 20 | 2023-11-30
CVE-2023-30584 (HIGH CVSS 7.7) | A vulnerability has been discovered | cvebase.io